Analyst Insight: The risk you cannot see is the risk that will hurt you. Most supply chain ESG efforts focus on Tier 1 suppliers, because they are the ones with contracts, and with audits on file. But that is not where the most serious social and governance risks live.

Nearly half of supply chain executives report ESG visibility only to their immediate Tier 1 trading partners, while nearly a third have no structured visibility at all beyond their own four walls. Meanwhile, forced labor, sanctions-linked suppliers and governance failures — the kind that end up in court filings and on front pages — tend to surface not in your direct suppliers, but in theirs.

"S" and "G" Aren’t Soft Issues Anymore

For years, companies treated the social and governance dimensions of ESG as important for the annual report, but not operationally urgent. That is changing fast, because regulators and courts are making it costly not to act.

The Uyghur Forced Labor Prevention Act has shifted the burden of proof squarely onto the importer. The EU's Corporate Sustainability Due Diligence Directive extends similar obligations across the value chain. In the U.S., even as federal ESG regulation retreats, state-level litigation — particularly in California and New York — continues to expand. Greenwashing class actions have surpassed 150 cases. The question of what a company knew about its suppliers, and when, is becoming a legal question as much as an ethical one.

Governance risk is equally acute. When a supplier turns out to be owned or controlled by a sanctioned entity, or when a key business partner is linked through a network of shell companies to a state actor under sanctions, the exposure to the buyer can be severe — even if no direct relationship existed. Associated party risk is the new frontier of supply chain due diligence.

Traditional Audits Are Not Enough

Supplier questionnaires and periodic audits were designed for a world where risks were relatively stable and largely visible. Today's risk environment is neither. Sanctions lists change overnight. Adverse media about a supplier's suppliers can emerge in any language, in any jurisdiction. The beneficial ownership structures of companies — particularly in high-risk regions — are deliberately opaque.

This is compounding a problem that procurement and compliance teams are already struggling to resource. The honest reality is that manual due diligence — even well-resourced manual due diligence — cannot keep pace with the volume, velocity and linguistic breadth of the information environment that governs third-party risk today.

What Effective Diligence Actually Requires

Companies that are getting this right are doing a few things differently. First, they are going deeper in the supply chain — mapping not just direct suppliers, but the entities those suppliers are connected to. Associated party identification, including beneficial owners, directors, related companies and linked individuals, is becoming a core discipline rather than an occasional exercise.

Second, they are monitoring continuously, not just at onboarding. The risk a supplier presented when they were first vetted may look very different eighteen months later, or even tomorrow. Sanctions designations, adverse media, and ownership changes can occur at any time. 

Third, they are looking at adverse media with genuine breadth. Social and governance red flags rarely appear first in English-language press. Labor rights violations, corruption investigations and sanctions-adjacent activity are often reported initially in local media — in Chinese, Russian, Arabic or dozens of other languages. 

Closing the Visibility Gap

Artificial intelligence is now a practical tool — not a future aspiration — for the kind of multi-tier, multi-language, continuous screening that effective supply chain ESG demands. Automated entity resolution can link related parties across complex corporate structures. Natural language processing can surface relevant adverse media across languages and rank it by materiality. Network analysis can reveal connections between a supplier and a sanctioned entity that no questionnaire would ever uncover.

This is not about replacing human judgement. It is about directing human attention to the right places, at the right time, with the right context. 

A Practical Starting Point

For companies looking to strengthen their social and governance risk posture without overhauling their entire compliance program, three steps offer an immediate return. Start by mapping beneficial ownership for your top-tier suppliers — understanding who controls the entities you buy from is the foundation of everything else. Then run your supplier list against current sanctions and watchlists, including associated parties and related entities. Finally, audit your adverse media capability: can it read, and meaningfully assess, content in the languages relevant to your supply chain geography?

The political conversation around ESG may be noisy and polarized. The underlying business and legal case for taking social and governance risk seriously in supply chains is neither. It is, if anything, getting clearer.

Companies that invest now in genuine supply chain visibility — beyond Tier 1, beyond questionnaires, beyond the limits of what can be done manually — will be better positioned to meet the regulatory demands of 2026 and the reputational expectations that follow.